As we are using a symbol map for libsandbox, its no longer needed
to have all the internal functions static, and thus we can break
things out a bit and make the source layout more sane. Start by
moving librcutil to libsbutil, and adding all the defines and
helper functions needed by both libsandbox and sandbox.

Convert all string list operations to use the str_list_*() macro's.
This allow a nice cleanup of the bash argv stuff, and also actually
add error handling to that part of the code. Some more cleanup of
the environ stuff.

Set 'env_ptr = environ;' _after_ we unset and set variables, else the
block could have been reallocated, and leave us using the wrong pointer.
General cleanup of the env handling code. Free all memory used.

Just killing the child with SANDBOX_ABORT do not actually abort the make process
in many cases. So also kill the offending child, and pray that make will also
abort. This is really hackish, and we should rather kill the whole process tree,
but currently its too much work (considering that we are in signal context which
probably will make things difficult - not even talking about the bsd's ...), so it
will have to do.

Rename sandbox_futils.c to sandbox_utils.c. Add gstrndup() and gbasename()
to sandbox_utils.c. Add check for glibc, and fixup things to not need glibc
only extensions if not needed for versioned symbols.

Add get_sandbox_debug_log(), and use it (add behaviour similar to SANDBOX_LOG
if already exported when sandbox started). Fix get_sandbox_log() and new
get_sandbox_debug_log() to not use already exported environment variables if
they have '/' in them. Use snprintf()'s instead of strncpy()'s. More
SB_PATH_MAX fixes.

Fixup the constructor/destructor function names again (they should be _init()
and _fini() it seems, and not being called caused sandbox_lib_path to be
unset, and thus breaking the execve() wrapper's LD_PRELOAD protection).
Add both the path in given SANDBOX_x variable, as well as its symlink
resolved path in init_env_entries(). Modify filter_path() to be able to
resolve paths without resolving symlinks, as well as to be able to resolve
symlinks. Fix a possible segfault in check_access(). Add symlink resolving
to check_access() resolving bug #31019. Add 'hack' for unlink, as the fix
for bug #31019 cause access violations if we try to remove a symlink that is
not in protected path, but points to a protected path. Fix a memory leak in
sandbox.c (sandbox_pids_file in main()). Fix the realpath() calls in main()
(sandbox.c) being unchecked. Fix the debug logname not having the pid in it
(pid_string was uninitialized). General syntax cleanups.